* Posts by YetAnotherJoeBlow

351 publicly visible posts • joined 5 Apr 2015


IT services sector faces armageddon as COVID-19 lockdown forces project cancellations – analysts

YetAnotherJoeBlow

Contracts

I have a couple of government contracts - one in the US and another in Asia. I sent an email to my contact in Asia saying I understand their situation and offered them an out. "Na - you can continue - we are still setting sail." I also have several active contracts in the US and elsewhere that are business as usual. Life will still continue.

Got your number? Maybe. 118 118 Money shutters website after spotting an intruder

YetAnotherJoeBlow

Re: The personal loans business...

That is the way it is supposed to work.

Former Googler Anthony Levandowski ‘fesses up to pinching trade secrets about self-driving cars

YetAnotherJoeBlow

he was able to download...

"... and that he accessed the document after his resignation from Google."

You can do that at Google? At all of my clients when they fire a person or when someone resigns, they are locked out before they ever even leave the office they quit or were fired in. By the time the interview is over, there is a list of what needs to be returned and also what the person has downloaded recently (about 1 yr.)

In fact a few of my clients have key people when hired agree to submit to a whole body scan on entrance and exit. This always includes me too although I never need to bring in anything.

Surge in home working highlights Microsoft licensing issue: If you are not on subscription, working remotely is a premium feature

YetAnotherJoeBlow

For a minute...

For a minute there, I thought aManfromMars changed his nick to Long John Silver.

Small business loans app blamed as 500,000 financial records leak out of ... you guessed it, an open S3 bucket

YetAnotherJoeBlow

Once again...

Yet another reason to hold CEOs personally accountable for both civil and criminal matters for preventable information disclosure. (ie a permissions problem.)

IBM puts 1,248 frontline techies at risk of redundo, warns of data centre closures

YetAnotherJoeBlow

Relevant?

IBM is really not relevant anymore; when they decreased investment and hiring GREAT scientists in Watson, this is the obvious result. Well done Ginny! Here is that golden parachute we promised you. We will be pushing you out at 30000 ft. (We told you it was gold didn't we?)

Apple updates iPad Pro with a trackpad, faster processor. Is it a real computer now?

YetAnotherJoeBlow

Re: Trackpad is a misunderstanding

"Doing computer things on the device makes it less useful – NOT MORE USEFUL."

Huh?

HP Inc to Xerox: If you complete a hostile takeover, and try firing our chief exec, you will pay...

YetAnotherJoeBlow

I wonder...

What if all this is just theater?

'Unfixable' boot ROM security flaw in millions of Intel chips could spell 'utter chaos' for DRM, file encryption, etc

YetAnotherJoeBlow

Backdoors

I imagine that this exploit was just standard no review careless approach to engineering. However, the ME is a different story. Before those chips were released, the NSA got a batch with the ME disabled - because, of course, they knew. The NSA has revealed its hand.

Alleged Vault 7 leaker trial finale: Want to know the CIA's password for its top-secret hacking tools? 123ABCdef

YetAnotherJoeBlow

Never

Never hire a brilliant engineer that you wouldn't enjoy having a few beers with on Fridays.

Open-source, cross-platform and people seem to like it: PowerShell 7 has landed

YetAnotherJoeBlow

I use PS

I use a hacked up version of Wine for some of my clients that I manage with a hacked up version of MS PS 6.2x. It saves me so much time it's indispensable.

Coronavirus conference cancellations continue: Google and Microsoft axe WSL and Cloud Next

YetAnotherJoeBlow

In the future...

All these companies streaming and locally hosting instead of going to conventions. If this process works out well for the companies, they might cut down on the many Cons they attend each year. The entire convention industry might be made redundant or shrink considerably. There are way too many conventions anyway....

Customers in 'standoff' with SAP over 2025 end of support for Business Suite: Who'll blink first?

YetAnotherJoeBlow

Yeah, right.

"We are seeing a massive conversion to SAP S/4HANA..." Hahaaaahaaaaa That is a good one.

In an homage to Harry Potter's every-flavour jelly beans, Microsoft unveils 'Lucky Dip' Windows 10 testing ring

YetAnotherJoeBlow

MS more of the same

I'll probably be retired when this all falls apart but I will certainly enjoy watching and listening to the excuses parade.

NPM swats path traversal bug that lets evil packages modify, steal files. That's bad for JavaScript crypto-wallets

YetAnotherJoeBlow

At this point in life...

I am glad that I make policy instead of following it. None of my clients use nodejs - they are smarter than letting all-comers inject code into their repositories. I wouldn't service the customer as I wouldn't want to take the blame when ransomware strikes. My livelihood depends on that.

You had one job, Cupertino: Apple's Intelligent Tracking Protection actually gets tracking protection

YetAnotherJoeBlow

Secure firefox

The below link is a nice summary to harden the Firefox browser. Also grab a search engine from Mycroft as Mozilla passes your browser info every time you use search.

Harden Firefox:

https://www.privateinternetaccess.com/blog/2018/09/firefox-hardening-guide/

search engines:

https://mycroftproject.com/dlstats.html

Pentagon's $10bn JEDI decision 'risky for the country and democracy,' says AWS CEO Jassy

YetAnotherJoeBlow

Jassy

Jassy is scratching his head thinking gee we even hired two of them to get that contract. A bastion of ethics there.

WebAssembly gets nod from W3C and, most likely, an embrace from cryptojackers online

YetAnotherJoeBlow

wasm

My browser is locked down as much as possible and run in sandbox locked down as much as possible - I still will not run scripts or binary blobs. If a site breaks, I go somewhere else. Usually, I do not give a flying f*** what the standards say. If it looks like shite and smells like shite... Want Another Shite Meal?

Tricky VPN-busting bug lurks in iOS, Android, Linux distros, macOS, FreeBSD, OpenBSD, say university eggheads

YetAnotherJoeBlow

config changes

I am so sick and tired of software that changes my configurations without telling me - I do things in there for a reason. I can not begin to count how many times vendors make those changes - and by people who should know better. It is just part of the new era apparently, I call it arrogance. Technically, that action is quasi illegal - modifying a computer system without authorization ...

After four years, Rust-based Redox OS is nearly self-hosting

YetAnotherJoeBlow

redox

I'm probably missing something, but the last time I looked I found C code in, I think, relibc and one other spot I can not remember. I also noticed that when it's time to do "the fun stuff" everything is prefixed with unsafe. So in the end it is still unsafe, correct? Like I said though, I'm probably missing something.

Amazon fails to stop ex-sales staffer winging it to Google Cloud

YetAnotherJoeBlow

HAHAHAHA

Google complaining about fairness!! F___in hypocrites.

Assange fails to delay extradition hearing as date set for February

YetAnotherJoeBlow

"Assange clearly requires mental health care"

I dare say that Mr. Assange is truly seeing his demons.

Avast lobs intruders into the 'Abiss': Miscreants tried to tamper with CCleaner after sneaking into network via VPN

YetAnotherJoeBlow

Just my opinion

I think possibly the first compromise Avast had was perhaps more damaging than they realized. If I do not see a privilege escalation CVE from BIS, they either are not patching or their network is still compromised.

Dropbox Paper: Handy for collaborating... oh and harvesting email addresses, too

YetAnotherJoeBlow

Lost their mind?

Have all the adults left the building? I just can not imagine how their thought processes came to the conclusion that this is what everyone needs.

MIT boffins turn black up to 11 with carbon nanotubes that absorb 99.995% of light

YetAnotherJoeBlow

Ferrari

Here is the Ferrari that I read about. Strange looking

https://www.google.com/search?q=ferrari+vantablack&hl=en

YetAnotherJoeBlow

I was wondering about that too... Or is this Vantablack? I think a new Ferrari is painted in Vantablack. The Ferrari looks like a shadow.

Not very Suprema: Biometric access biz bares 27 million records and plaintext admin creds

YetAnotherJoeBlow

Re: Storing admin credentials in plaintext

Share price up because you know the company is not wasting money on security.

YetAnotherJoeBlow

Hash

Hash everything even their shoe size.

Let's see what the sweet, kind, new Microsoft that everyone loves is up to. Ah yes, forcing more Office home users into annual subscriptions

YetAnotherJoeBlow

Office

I still have M$ 2016 on my windows test machine, the last version I'll ever buy. It will never expire, and I'll not give M$ another red cent for anything. To be honest, Libre Office is more compatible than M$ is on older docs.

Canonical adds ZFS on root as experimental install option in Ubuntu

YetAnotherJoeBlow

Well done

"To put it in simple terms, GPL is like BSD with one restriction: you are not allowed to attach any more restrictions. Just give it away the same way you received it"

@AC: Now that is the most succinct definition of the GPL I have ever read; Have an up vote.

Deja-wooo-oooh! Intel chips running Windows potentially vulnerable to scary Spectre variant

YetAnotherJoeBlow

I wonder...

The more I read about this group of side channel attacks, I'm beginning to wonder if this is intentional. Then again, maybe I give too much credit where credit is not due.

LibreOffice handlers defend suite's security after 'unfortunately partial' patch

YetAnotherJoeBlow

I wish...

When are we going to learn that a document or an image is not a code repository? That's why one never opens any Microsoft format and PDF docs unless it's sandboxed; even then it may still bite.

If you could forget the $125 from Equifax and just take the free credit monitoring, that would be great – FTC

YetAnotherJoeBlow

A new law...

Before the lawyers are paid, x% claimants must be made whole with funds reserved for the rest of the claimants. Then the lawyers can take their percentage.

As many as 100,000 IBM staff axed in recent years as Big Blue battles to reinvent itself from IT's 'old fuddy duddy'

YetAnotherJoeBlow

And then one day...

Hey Joe, Acme, Inc. has an urgent need to get their CICS problems handled, ASAP!

Joe: CICS? WTF is CICS?

New UK Home Sec invokes infosec nerd rage by calling for an end to end-to-end encryption

YetAnotherJoeBlow

As usual...

They really hate it when they are made to do their job.

GitHub builds wall round private repos, makes devs in US-sanctioned countries pay for it

YetAnotherJoeBlow

Again

I get no pleasure in saying this, but I think it is unsound practice for a small/medium company to host their own critical resources; NOT AS A SERVICE. You will always be a victim to all of this malarkey.

Backdoors won't weaken your encryption, wails FBI boss. And he's right. They won't – they'll fscking torpedo it

YetAnotherJoeBlow

"It cannot be a sustainable end state for us to be creating an unfettered space that’s beyond lawful access for terrorists, hackers, and child predators to hide. But that’s the path we’re on now, if we don’t come together to solve this problem."

See what they are doing? They are trying to raise the bar from IF we implement crypto backdoors to Why not help us backdoor crypto, it will be better then.

Privacy? Watchdogs? Fines? Whatever, nerds, more people than ever are using Facebook and filling its deep coffers

YetAnotherJoeBlow

Zuck to Uncle Sam: Go ahead, regulate me, regulate me like the naughty little ******* *itch I am.

FTFY

Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General

YetAnotherJoeBlow

What they really want..

The government doesn't really want the "key" per se, what the government really wants is to pass a law against cryptography so that if the feds can't decrypt it, the individual(s) are guilty of using crypto without a license and to be sentenced to jail up to 10 years each count, with time off if the individual(s) give the feds the key.

You can see where this is going... That law would be catastrophic; swinging the pendulum so far to the right, it may never recover.

Do not forget, If the NSA wants to read your files, they will read your files.

No support for CloudEvents standard as AWS does its own thing with EventBridge

YetAnotherJoeBlow

Surprise

This is one of many reasons why we dumped "the cloud" over 30 years ago...

You know, that's why we study history. Lest we be doomed by the same mistakes in the past...

White House mulls just banning strong end-to-end crypto. Plus: More bad stuff in infosec land

YetAnotherJoeBlow

That will work:

Of course the baddies will immediately stop using strong crypto so world+dog can read their plans - they also wouldn't set up their own servers around the world for secured comms because doing so would be illegal.

Of course, I'll delete all of my crypto repos (my life long work) and force my clients to do the same; then I'll close my business.

It's never too late to shut the barn door even if it's empty.

Ahhhhh! What year is it?! Users left without direction or clue after Google Calendar 404s

YetAnotherJoeBlow

Progress

Remember when during the days of timesharing, payroll processing, et al? Then came the day where small business could afford a computer. No more arguing with your timeshare provider in the "cloud"! No more lost data, or telecom problems. Reports now produced on time!

Now in our infinite wisdom, we jump back 20 years in time, AND expose our data to any hacker that has about a day's time to help themselves to your data. WTF were they thinking? Then the bills come, and keep coming...

My schedule is my livelihood. All I need is on my phone; if that gets lost, I go to my home server. If that goes down, I restore from tape. At the beginning of the day I print my calendar out and take it with me for convenience and safety. If I cannot manage my own calendar, how can my clients trust me to manage their critical data?

I wonder when we will go back to onsite again?

Own goal: $280,000 GDPR fine for soccer app that snooped on fans' phone mics to snare pub telly pirates

YetAnotherJoeBlow

Re: Data Spoof

Like exposed privacy filter? A real nice piece of work.

Someone slipped a vuln into crypto-wallets via an NPM package. Then someone else siphoned off $13m in coins to protect it from thieves

YetAnotherJoeBlow

Yep...

That NPM was a brilliant idea. They really thought it through. I especially like when I'm building privileged code and watch as it pulls non-vetted source code into my build. Everyone knows my builds; quality you can trust.

Can't quite cram a working AI onto a $1 2KB microcontroller? Just get a PC to do it

YetAnotherJoeBlow

Re: sports just 2KB of RAM and 32KB of flash storage

I used to write TECO scripts to play games on a VT52 then later the VT100. CPU was a Dec 11/70 and a PDP 10. A good example of a TECO script:

https://github.com/PDP-10/its/blob/master/src/_teco_/teco.1212

Uncle Sam wants to read your tweets, check out your Instagram, log your email addresses before you enter the Land of the Free on a visa

YetAnotherJoeBlow

Wondering

Why not have a shadow profile? Just use it a couple days a week or so and give INS this profile. Even better if you've had this profile at least a year.

Truth, Justice, and the American Huawei: Chinese tech giant tries to convince US court ban is unconstitutional

YetAnotherJoeBlow

In the end...

Who would you rather be, a Chinese company fighting in the US courts, or a US company fighting in the Chinese courts?

ProtonMail filters this into its junk folder: New claim it goes out of its way to help cops spy

YetAnotherJoeBlow

I use Proton Mail too. So far so good but I still PGP encrypt first on my PC before I send it anyway. Proton Mail gives you a false sense of security only because the vast majority of your emails come from outside Proton Mail over unencrypted port 23. So if necessary, all one has to do is a minor change to their server to collect all your incoming and outgoing SMTP as it arrives or leaves before it gets encrypted with your private key.

So far they have been very reliable.

Cray's found a super scooper, $1.3bn's gonna buy you. HPE's the one

YetAnotherJoeBlow

Depressing

That news really depressed me. For a couple of months, I worked on a Cray XMP, water cooled and all; FORTRAN with some pragmas. Nothing sacred anymore. I need to retire.

LzLabs kills Swisscom’s mainframes – but it's not the work of a vicious BOFH: All the apps are now living on cloud nine

YetAnotherJoeBlow

Re: So many questions, so few answers

When I last used CICS, I had a lot of respect for its abilities in a truly love-hate relationship. So this company services the CICS calls AND all of the other APIs as well? Yes, I have a lot of questions too! Had I read this article anywhere else, I would have called BS.
